VDB
GHSA-gwp4-mcv4-w95j
GHSA-gwp4-mcv4-w95j
PUBLISHED
CVSS 9.300000190734863 CRITICAL
jwcrypto token substitution can lead to authentication bypass
Risk Scores
CVSS v4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| PyPI | jwcrypto | 0, 0, 0 |
| PyPI | jwcrypto | 0, 0 |
Timeline
- Sep 21, 2022 CVE Published
References
- https://github.com/latchset/jwcrypto/security/advisories/GHSA-gwp4-mcv4-w95j url
- https://github.com/latchset/jwcrypto/commit/f4e912f83cb578e2cd47f8a9398bf15f680bf558 url
- https://github.com/latchset/jwcrypto package
- https://github.com/latchset/jwcrypto/releases/tag/v1.4.0 url
- GitHub Advisory GHSA-gwp4-mcv4-w95j vendor-advisory